Splunk Web in Splunk Enterprise 7.0.x before 7.0.0.1, 6.6.x before 6.6.3.2, 6.5.x before 6.5.6, 6.4.x before 6.4.9, and 6.3.x before 6.3.12, when the SAML authType is enabled, mishandles SAML, which allows remote attackers to bypass intended access restrictions or conduct impersonation attacks.
References
| Link | Resource |
|---|---|
| http://www.securityfocus.com/bid/102005 | Third Party Advisory, VDB Entry |
| https://www.splunk.com/view/SP-CAAAP3K | Vendor Advisory |
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2017-11-30T02:00:00
Updated: 2017-12-02T10:57:01
Reserved: 2017-11-29T00:00:00
Link: CVE-2017-17067
NVD Information
Status: Analyzed
Published: 2017-11-30T02:29:04.273
Modified: 2019-10-03T00:03:26.223
Link: CVE-2017-17067